BurpMCP
BurpMCP is a Burp Suite extension that incorporates AI to help security testers find vulnerabilities in HTTP-based applications. It focuses on enhancing manual testing with LLM capabilities and offers various features to streamline application security processes.
BurpMCP is a Burp Suite extension designed to enhance manual application security testing with modern AI capabilities. It integrates with large language models (LLMs) to assist testers in navigating complex vulnerabilities in HTTP-based applications. Features include AI-assisted requests, HTTP 1.1 and 2 reliability testing, and out-of-band testing with Burp Collaborator.
Installation
- Download the jar file from releases and load it into Burp.
- MCP server runs on localhost port 8181 over SSE.
Usage
- Right-click any request, select Extensions -> Send to BurpMCP to save requests for analysis.
Examples
- Refer to the Showcase for successful usage examples.
Known Issues
- LLMs may neglect critical request components or headers.
- Using LLMs for HTTP/1.1 testing might require LF to CRLF replacement.
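The LF to CRLF replacement from the last known issue, as an added example (not code from BurpMCP itself): a Python helper, under the hypothetical name normalize_http1_request, that rewrites bare LF line endings in the header section only and leaves the body bytes untouched so that Content-Length stays accurate. The request bytes are constructed sample input, and closing a header-only request with a blank line is an assumption of this sketch.

```python
import re

# The first empty line ends the header section. LLM-written requests may use
# LF, CRLF, or a mix of both, so accept every combination.
_HEAD_END = re.compile(rb"\r?\n\r?\n")
# A line feed that is not already preceded by a carriage return.
_BARE_LF = re.compile(rb"(?<!\r)\n")


def normalize_http1_request(raw: bytes) -> bytes:
    """Return raw with CRLF line endings in the request line and headers.

    The body is copied byte for byte: rewriting line feeds inside it would
    change its length and invalidate the Content-Length header.
    """
    match = _HEAD_END.search(raw)
    if match:
        head, body = raw[:match.start()], raw[match.end():]
    else:
        # Assumption: no blank line means a header-only request that was
        # never terminated, so treat everything as headers.
        head, body = raw.rstrip(b"\r\n"), b""
    head = _BARE_LF.sub(b"\r\n", head)
    return head + b"\r\n\r\n" + body


if __name__ == "__main__":
    # Constructed sample: LF-only request with a 7-byte form body.
    sample = (
        b"POST /login HTTP/1.1\n"
        b"Host: example.test\n"
        b"Content-Length: 7\n"
        b"\n"
        b"a=1\nb=2"
    )
    print(normalize_http1_request(sample))
```

The helper is idempotent, so running it on a request that already uses CRLF returns the same bytes.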